Closed tehXor closed 7 years ago
Hi, it is very important that you are running Rspamd >= 1.5.
Hmm, I'm using the current mailcow/rspamd:latest
and docker-compose exec rspamd-mailcow rspamadm --version
says I have Rspamadm 1.5.4
. I'm not sure though if this means that Rspamd itself also is > 1.5...
I cannot reproduce it.
What is in the logs when you send out a mail? Have you changed the selector or anything like this?
Am 24.03.2017 um 15:50 schrieb Till notifications@github.com:
Hmm, I'm using the current mailcow/rspamd:latest and docker-compose exec rspamd-mailcow rspamadm --version says I have Rspamadm 1.5.4. I'm not sure though if this means that Rspamd itself also is > 1.5...
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
The logs when sending a mail only seem to differ in the lines
rspamd-mailcow_1 | 2017-03-24 16:47:56 #13(normal) <c1c0db>; lua; [string "r...]:7: set domain found in smtp from field to domain.de
rspamd-mailcow_1 | 2017-03-24 16:47:56 #13(normal) <c1c0db>; lua; [string "r...]:21: found dkim key file for domain domain.de
which are present when I (re)start rspamd
with the old dkim.conf
but are missing without it. I can't see any errors or things like that without the old file (but maybe I'm looking for the wrong entries).
DKIM selector is the mailcow default dkim
and I'm not aware of any other changes... Maybe it's a problem with the old data in /var/lib/rspamd/
? But I don't really like to just flush that as I'm not exactly sure what is saved in it...
Can you try this first? =>
docker-compose stop rspamd-mailcow
docker-compose rm rspamd-mailcow
docker rmi mailcow/rspamd
docker pull mailcow/rspamd
docker-compose up -d
Just to be sure there is no problem with the image itself. Are you fine with sending me your docker-compose rspamd-mailcow rspamadm configdump
output to info@servercow.de ?
@tehXor Can you retry with the latest image?
Sorry for being so late! I just merged and repulled. Now DKIM signing works out of the box with only the old dkim.conf
. Judging from the rspamd web GUI I'd assume we moved back one version? Let me know If I could test/do anything (i.e. should I try the new/old dkim_signing.conf
with this images?).
Yes, it was an unstable build, so this should not have been 1.5.4 anyway - sorry.
You could try to remove the local.d/dkim.conf (not that one in the image) and re-add dkim_signing.conf to local.d. That would be great! :-)
So, when I remove the old dkim.conf
and re-add dkim_signing.conf
it looks like DKIM signing works for the @domain.de
of the user but not for any alias. So if a user username@domain1.de
sends with the alias aliasusername@domain2.de
the mail doesn't get signed.
Besides the missing DKIM_SIGNED
symbol of the outgoing mail I cannot see any difference in the rspmad log...
But you added the key for domain2? That's just a matter of configuration then, I think. Thank you!
Am 27.03.2017 um 14:45 schrieb Till notifications@github.com:
So, when I remove the old dkim.conf and re-add dkim_signing.conf it looks like DKIM signing works for the @domain.de of the user but not for any alias. So if a user username@domain1.de sends with the alias aliasusername@domain2.de the mail doesn't get signed. Besides the missing DKIM_SIGNED symbol of the outgoing mail I cannot see any difference in the rspmad log...
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.
Yes, all DKIM keys for all domains were always present and unchanged.
Should work with use_domain = "envelope";
- can you verify this? :-)
Edit: No, sorry, allow_username_mismatch = true;
should be the way to go.
yup, changing both or only allow_username_mismatch = true;
works. I'd guess that use_domain = "envelope";
is also the better option, as there may be mailing software which is doing unexpected stuff to the header (i.e. ticketing/CRM systems which set the from to the users configured e-mail adresse no matter if it's an internal or external one) and I don't see that potential with the envelope right now. Considering this allow_hdrfrom_mismatch = false;
maybe could be changed as well - or do you see security problems with it?
I think it's safe to close this as it meanwhile should work with whatever specific setup in current versions (:
Without any changes to my key files or their location in the current master branch and with
/data/conf/rspamd/local.d/dkim_signing.conf
but without/data/conf/rspamd/local.d/dkim.conf
DKIM signing isn't working. When I re-add the olddkim.conf
(and keep the newdkim-signing.conf
) it is working again.I haven't looked into it a lot yet, however without
dkim.conf
no condition script seems to be loaded while with it there is the following log line:#8(main) <o9hcin>; cfg; dkim_module_config: init condition script for DKIM signing
I'm not sure if it should work without the condition script due to
dkim_signing.conf
now?